Are your DomainKey/DKIM keys secure enough?

If you are securing your outbound email with DomainKeys or DKIM, please be aware of the key-length you are using.  It has recently come to light that using DomainKeys or DKIM (DomainKeys Identified Mail) with key lengths of less than 1024-bit could enable others to forge messages from your domain. Stay vigilant against any DKIM attacks as well with preventative measures.

This is important to everyone, but especially important to domains that are likely to be used in phishing attacks, since a compromise of their keys could allow phishing email to seem even more legitimate.

If you would like to generate keys for your DomainKey and DKIM signing, the SocketLabs Domain Key and DKIM generator currently generates 1024-bit keys.  It is a free tool, have a blast!

[update 2012-11-07]  According to Return Path, Gmail will immediately begin failing DKIM keys less than or equal to 512-bits.

Table of Contents